Sean Tassi

It’s no longer optional for colleges and universities to report data breaches to the U.S. Department of Education — yet the agency has not clearly defined its expectations. Here’s what institutions should be aware of.
Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. View Full Post

Colleges and universities frequently hire third-party vendors to provide services that involve student data—cloud storage, online education delivery, and online grade books to name a few. Although the arrangements are common, they can run afoul of the Family Educational Rights and Privacy Act (20 U.S.C. View Full Post